Export limit exceeded: 18948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-5032 | 2 Joomla, Tamlyncreative | 2 Joomla\!, Com Bfquiztrial | 2025-04-11 | N/A |
| SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial action to index.php. | ||||
| CVE-2010-5033 | 1 Fusebox | 1 Fusebox | 2025-04-11 | N/A |
| SQL injection vulnerability in ProductList.cfm in Fusebox 5.5.1 allows remote attackers to execute arbitrary SQL commands via the CatDisplay parameter. | ||||
| CVE-2012-3435 | 1 Zabbix | 1 Zabbix | 2025-04-11 | N/A |
| SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter. | ||||
| CVE-2012-3350 | 1 Valarsoft | 1 Webmatic | 2025-04-11 | N/A |
| SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header. | ||||
| CVE-2012-2937 | 1 Pligg | 1 Pligg Cms | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) list parameter in a move action to admin/admin_index.php, (2) display parameter in a minimize action to admin/admin_index.php, (3) enabled[] parameter to admin/admin_users.php, or (4) msg_id to the module.php in the simple_messaging module. | ||||
| CVE-2012-2925 | 1 Simple Php Agenda | 1 Simple Php Agenda | 2025-04-11 | N/A |
| SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 allows remote attackers to execute arbitrary SQL commands via the priority parameter in an addTodo action. | ||||
| CVE-2010-5001 | 1 Esoftpro | 1 Online Contact Manager | 2025-04-11 | N/A |
| SQL injection vulnerability in view.php in esoftpro Online Contact Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2010-5000 | 1 Joe Pieruccini | 1 Mclogin System | 2025-04-11 | N/A |
| SQL injection vulnerability in login/login_index.php in MCLogin System 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the myusername parameter (aka Username field) in a do_login action. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2010-4999 | 1 Esoftpro | 1 Online Photo Pro | 2025-04-11 | N/A |
| SQL injection vulnerability in index.php in esoftpro Online Photo Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the section parameter. | ||||
| CVE-2014-1459 | 1 Doorgets | 1 Doorgets Cms | 2025-04-11 | N/A |
| SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. | ||||
| CVE-2014-1466 | 1 Csp Mysql User Manager Project | 1 Csp Mysql User Manager | 2025-04-11 | N/A |
| SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remote attackers to execute arbitrary SQL commands via the login field of the login page. | ||||
| CVE-2014-1471 | 1 Otrs | 1 Otrs | 2025-04-11 | N/A |
| SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL. | ||||
| CVE-2014-1618 | 1 Uaepd | 1 Shopping Cart Script | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) p_id parameter to products.php or id parameter to (3) page.php or (4) news.php. | ||||
| CVE-2014-1619 | 1 Cubicfactory | 1 Cubic Cms | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2, and 5.2 allow remote attackers to execute arbitrary SQL commands via the (1) resource_id or (2) version_id parameter to recursos/agent.php or (3) login or (4) pass parameter to login.usuario. | ||||
| CVE-2012-2923 | 1 Hypermethod | 1 Elearning Server | 2025-04-11 | N/A |
| SQL injection vulnerability in news.php4 in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary SQL commands via the nid parameter. | ||||
| CVE-2010-4997 | 1 Olykit | 1 Swoopo Clone 2010 | 2025-04-11 | N/A |
| SQL injection vulnerability in index.php in OlyKit Swoopo Clone 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter in a product action. | ||||
| CVE-2010-4996 | 1 Esoftpro | 1 Online Guestbook Pro | 2025-04-11 | N/A |
| SQL injection vulnerability in ogp_show.php in esoftpro Online Guestbook Pro 5.1 allows remote attackers to execute arbitrary SQL commands via the search parameter. | ||||
| CVE-2012-2908 | 1 Viscacha | 1 Viscacha | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in admin/bbcodes.php in Viscacha 0.8.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) bbcodeexample, (2) buttonimage, or (3) bbcodetag parameter. | ||||
| CVE-2012-2762 | 1 S9y | 1 Serendipity | 2025-04-11 | N/A |
| SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php. | ||||
| CVE-2012-2695 | 4 Cloudforms Cloudengine, Redhat, Rhel Sam and 1 more | 5 1, Openshift, 1.1 and 2 more | 2025-04-11 | N/A |
| The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661. | ||||